U.S. General Accounting Office Issues RFID Report
posted by:Marty // 04:21 PM // June 19, 2005 // Surveillance and social sorting
A little late than never...
The U.S. General Accounting Office (GAO), Congress's oversight body, issued its report on the promise and perils of RFID use by the U.S. Federal Government, in May, 2005 (see "Information Security: Radio Frequency Identification Technology in the Federal Government"). The report highlights the use, or planned use, of RFID technology by Federal agencies. Moreover, the report makes the following findings regarding privacy and security of information:
Of the 16 agencies that responded to the question on legal issues associated with RFID implementation in our survey, only one identified what it considered to be legal issues. These issues relate to protecting an individual’s right to privacy and tracking sensitive documents and evidence.
Several security and privacy issues are associated with federal and commercial use of RFID technology. The security of tags and databases raises important considerations related to the confidentiality, integrity, and availability of the data on the tags, in the databases, and in how this information is being protected. Tools and practices to address these security issues, such as compliance with the risk-based framework mandated by the Federal Information Security Management Act (FISMA) of 20023 and employing encryption and authentication technologies, can help agencies achieve a stronger security posture. Among the key privacy issues are notifying individuals of the existence or use of the technology; tracking an individual’s movements; profiling an individual’s habits, tastes, or predilections; and allowing secondary uses of information. The Privacy Act of 1974 limits federal agencies’ use and disclosure of personal information,4 and the privacy impact assessments required by the E-Government Act of 2002 provide an existing framework for agencies to follow in assessing the impact on privacy when implementing RFID technology.5 Additional measures proposed to mitigate privacy issues, such as using a deactivation mechanism on the tag, incorporating blocking technology to disrupt transmission, and implementing an opt-in/opt-out framework for consumers remain largely prospective.
Supply & Deman Chain Executive, features this article, which offers a deconstructive view of the GAO's report.
The GAO report is flawed and provides a relatively unfavorable, potentially damaging view of RFID. The report cites several security-related issues that RFID can present, such as tracking individual movements, preferences, confidential personal information, etc. The report also suggests that interest from government officials in RFID is increasing, especially as costs fall and application uses expand. To compile the report the GAO focused on responses received from a variety of government agencies — 24 in total — including, the departments of State, Energy, Homeland Security, Labor and others.
As always, there are multiple views to every story.
Trackback Pings
TrackBack URL for this entry:
http://www.blogonnymity.com/powerblog/mt-tb.cgi/72
